Imported Upstream version 1.1upstream/1.1

5 files changed, 36 insertions, 3 deletions

diff --git a/src/pkg/archive/zip/reader.go b/src/pkg/archive/zip/reader.go
index c10f29a83..f19cf2d1f 100644
--- a/src/pkg/archive/zip/reader.go
+++ b/src/pkg/archive/zip/reader.go
@@ -353,6 +353,11 @@ func readDirectoryEnd(r io.ReaderAt, size int64) (dir *directoryEnd, err error)
 	if err != nil {
 		return nil, err
 	}
+
+	// Make sure directoryOffset points to somewhere in our file.
+	if o := int64(d.directoryOffset); o < 0 || o >= size {
+		return nil, ErrFormat
+	}
 	return d, nil
 }
 
@@ -407,7 +412,7 @@ func findSignatureInBlock(b []byte) int {
 		if b[i] == 'P' && b[i+1] == 'K' && b[i+2] == 0x05 && b[i+3] == 0x06 {
 			// n is length of comment
 			n := int(b[i+directoryEndLen-2]) | int(b[i+directoryEndLen-1])<<8
-			if n+directoryEndLen+i == len(b) {
+			if n+directoryEndLen+i <= len(b) {
 				return i
 			}
 		}
diff --git a/src/pkg/archive/zip/reader_test.go b/src/pkg/archive/zip/reader_test.go
index cf9c59c4b..833ba28ad 100644
--- a/src/pkg/archive/zip/reader_test.go
+++ b/src/pkg/archive/zip/reader_test.go
@@ -64,6 +64,24 @@ var tests = []ZipTest{
 		},
 	},
 	{
+		Name:    "test-trailing-junk.zip",
+		Comment: "This is a zipfile comment.",
+		File: []ZipTestFile{
+			{
+				Name:    "test.txt",
+				Content: []byte("This is a test text file.\n"),
+				Mtime:   "09-05-10 12:12:02",
+				Mode:    0644,
+			},
+			{
+				Name:  "gophercolor16x16.png",
+				File:  "gophercolor16x16.png",
+				Mtime: "09-05-10 15:52:58",
+				Mode:  0644,
+			},
+		},
+	},
+	{
 		Name:   "r.zip",
 		Source: returnRecursiveZip,
 		File: []ZipTestFile{
@@ -262,7 +280,7 @@ func readTestZip(t *testing.T, zt ZipTest) {
 		}
 	}
 	if err != zt.Error {
-		t.Errorf("error=%v, want %v", err, zt.Error)
+		t.Errorf("%s: error=%v, want %v", zt.Name, err, zt.Error)
 		return
 	}
 
diff --git a/src/pkg/archive/zip/struct.go b/src/pkg/archive/zip/struct.go
index ea067f355..73972d41c 100644
--- a/src/pkg/archive/zip/struct.go
+++ b/src/pkg/archive/zip/struct.go
@@ -64,8 +64,15 @@ const (
 	zip64ExtraId = 0x0001 // zip64 Extended Information Extra Field
 )
 
+// FileHeader describes a file within a zip file.
+// See the zip spec for details.
 type FileHeader struct {
-	Name               string
+	// Name is the name of the file.
+	// It must be a relative path: it must not start with a drive
+	// letter (e.g. C:) or leading slash, and only forward slashes
+	// are allowed.
+	Name string
+
 	CreatorVersion     uint16
 	ReaderVersion      uint16
 	Flags              uint16
diff --git a/src/pkg/archive/zip/testdata/test-trailing-junk.zip b/src/pkg/archive/zip/testdata/test-trailing-junk.zip
new file mode 100644
index 000000000..42281b4e3
--- /dev/null
+++ b/src/pkg/archive/zip/testdata/test-trailing-junk.zip
diff --git a/src/pkg/archive/zip/writer.go b/src/pkg/archive/zip/writer.go
index 4c696e152..e9f147cea 100644
--- a/src/pkg/archive/zip/writer.go
+++ b/src/pkg/archive/zip/writer.go
@@ -163,6 +163,9 @@ func (w *Writer) Close() error {
 
 // Create adds a file to the zip file using the provided name.
 // It returns a Writer to which the file contents should be written.
+// The name must be a relative path: it must not start with a drive
+// letter (e.g. C:) or leading slash, and only forward slashes are
+// allowed.
 // The file's contents must be written to the io.Writer before the next
 // call to Create, CreateHeader, or Close.
 func (w *Writer) Create(name string) (io.Writer, error) {